376cff4973894ab386aa8e788c5033189bacd66a39f9da1ae20ee18ced749ab9

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
16-11-2024 20:52

Target

BTC-Stealer.exe
Size

201.3MB
MD5

de367e953006531022f59c6c3700e4b4
SHA1

ea0383a88ba077c29cfbbd5c14ffc03497d0fea3
SHA256

3b3e5cd21b9ee308ce4a04e1a7a1f0f2c5f44fc6633300b57bddd3ffa41a04e3
SHA512

a043571e267131eded7a04f9221e8cb8f5ba7608fadf2a48bed6fc2ab5f98a157ab375bff4c342755dad64e994cc545c07fe919f1e52c649a640f1f6019f41ab
SSDEEP

6144:SitPBXe1j1agJRe6qTF38D6t6HTOJcmhrf:SuBmagJRe6qc6t6z2f

Score

8^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1944	BTC-Stealer.exe

C:\Users\Admin\AppData\Local\Temp\BTC-Stealer.exe
"C:\Users\Admin\AppData\Local\Temp\BTC-Stealer.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1944

memory/1944-0-0x000007FEF4E33000-0x000007FEF4E34000-memory.dmp

Filesize
4KB

Download
memory/1944-1-0x0000000000120000-0x0000000001120000-memory.dmp

Filesize
16.0MB

Download
memory/1944-2-0x000007FEF4E30000-0x000007FEF581C000-memory.dmp

Filesize
9.9MB

Download
memory/1944-3-0x000007FEF4E30000-0x000007FEF581C000-memory.dmp

Filesize
9.9MB

Download
memory/1944-4-0x000007FEF4E33000-0x000007FEF4E34000-memory.dmp

Filesize
4KB

Download
memory/1944-5-0x000007FEF4E30000-0x000007FEF581C000-memory.dmp

Filesize
9.9MB

Download